New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
can't use multiple HTTP Headers with the same name #130
Comments
This first needs to be allowed by Python-Requests: #1155 Add MultiDict Support |
The suggested workaround of using: Using Using Finatra/Finagle header implementation treats headers as multi-map so they do offer a With |
I found what the problem is, can I take this task? |
I can't answer whether you can take this or not but I'm interested in what the problem is, can you provide some details? |
https://github.com/httpie/httpie/blob/fd44f1af93ce1d2c84f324b8474d2d075b5a7b13/httpie/input.py#L133 Here we give our arguments to a parser built into a Python, and inside it uses dict instead of multidict resulting in key mashing. I just wanted to ask the community - in what form it is better to solve it. 1. There is the idea, or completely rewrite the logic of parsing, 2. Just add a function that will glue the value of the same keys. |
As noted in the upstream bug, RFC 7230 says A sender MUST NOT generate multiple header fields with the same field name in a message unless either the entire field value for that header field is defined as a comma-separated list [i.e., #(values)] or the header field is a well-known exception. The RFC is not very clear about it but the only well-known exception seems to be So httpie could just give some sort of warning on repeated headers, as such requests tend to be incorrect. |
Requests implemented MultiDict in psf/requests#1155 , but it works for response only. Also, they don't support multiple header field lines, they'd get combined into a single line as per RFC. We could do that in httpie as well. The complete fix would need to use urllib3 directly. |
Something so simple yet so unsupported nowadays. Except for httpx. Also I have made something basic to help resolving issues with headers. Check out https://github.com/Ousret/kiss-headers if anyone is looking for a solution. |
As people already quoted RFC 7230, Section 3.22 says;
Which I interpret as, if a header is required to be sent multiple times with different values it can be either of these;
Normally the safer way to go is just preparing the HTTP request to contain the same header multiple times (just like So I believe we can make the assumption that if a user passes us multiple HTTP headers with the same name, we can combine their values into a single list that is joined with Here is a draft patch that basically implements the said functionality: isidentical@678180e (for the sending part of the CLI(, not the receiving). |
This looks like a correct interpretation to me 👍 We (and Requests) already handle repeated response headers correctly, so we don’t need to change anything there: $ https -h github.com | grep Set-Cookie | wc -l
3
Agree, this would probably be the best/safest solution. Benefit 1/ It would give the user a choice:
Benefit 2/ Even though these two representations are semantically identically, the user might be interested in testing if/how a server handles the individual scenarios. HTTPie is popular in the pentesting community, for example, who tend to care about these low-level things.
What if we patched We already access each prepared request before we send it. So if, for example, simply providing a custom
This is correct 👍🏻 But let’s just explore the multi-line version a bit more first because it would be nice to provide the user the benefits that it offers.
This looks like a solid start for plan B. Feel free to open a draft PR. Quick feedback off the top of my head:
I wonder about the type mixing: maybe we should just ensure Other thoughts:
|
Seems like the underlying I'll create another branch with an implementation of the following suggestion.
Thanks for clarifying the actual behavior, I went with a little bit of an improvisation on this but can modify it to take this into account.
I feel like bytes is the way to go instead of ensuring everything is a string. Since
Sure (the implementation above was just a sketch of what I was planning, not the original patch so I tested the bare minimum. actual implementation will probably include way more comprehensive tests).
Wouldn't it make sense to bump the version number on the PR that is actually releasing this? But yes, this is a change of behavior (which I guess can be justified since AFAIK the previous behavior was undocumented). Thanks for your feedback again, will let you when I have the second implementation! |
In HTTP it allows multiple headers with the same name. However, when I went to test
webapp that seems to break when IE10 sends multiple cookie headers, I can't use httpie to test it as it only puts in the last header value in the request.
example:
$ http -v example.org Cookie:foo1=bar1 User-Agent:BAM\1.0 Cookie:foo2=bar2
Current output:
Expected output:
Really HTTP headers should be represented as a case-insensitive MultiMap of some sort, not a Dict.
The text was updated successfully, but these errors were encountered: